Email security: a practical Email Security Checklist, and three things you can do right now

Multi-factor authentication ensures secure access to your email infrastructure, preventing unauthorized access even if a password is compromised.

Make sure your system rejects external emails to invalid users. Your email defenses should securely connect and dynamically synchronize with the email service you’re using, automating user creation, and validating recipients. This should include removing them if they’re no longer current.

Email security scanning should include analyzing the header, body, attachments, and links.

Advanced anti-spam filters analyze the SMTP-related information of the email header and body, checking the sender’s IP and network related information, checking the reputation of the sending mail server, and preventing graymail.

It’s essential for your email security to detect all malicious file types and file extensions, which bad actors hide in file formats such as images and ZIP files. Coverage should include media files (MIME) such as ELF, registry, self-extracting and installer.

Emails need to be vetted against a comprehensive set of threat detection engines, using multiple antivirus engines for known signature-based detection, and heuristic and behavioral analysis.

Your inbound email defenses need to provide time-of-click protection, rewriting links within emails. This URL sandboxing technology dynamically scans the website (and any redirects) to detect suspicious behavior, malicious content such as JavaScript, and other embedded objects or code.

Malware can now recognize sandbox environments and delay attacks – your sandbox needs to be able to sanitize and remove any active elements and disarm the file straight away. The sanitized version can then be delivered to the user and the original isolated in quarantine (or the entire document blocked).

Your defenses should be able to scan the body of emails for prohibited keywords that will enable you to block undesirable content, criminal or cultural.

This ensures that employee accounts cannot be used to send malicious content. Some email security solutions automatically exempt an email from further checks if a domain or IP address is authorized – this can create a security risk for your organization. Being able to retract emails also helps prevent data loss through human error (for example, sending information to the wrong person).

For maximum security, and to remove the need for recipient registration, an encryption key should be delivered to the sender of the encrypted message and the key sent to the recipient by a means other than email. For data protection, all your encrypted emails should be stored on your email security system, and not on shared cloud infrastructure.

Your email defenses should contain a way to analyze emails for patterns in the subject and the body and detect content such as credit card numbers, social security numbers, wild card 16-digit keys or 8-digit passwords. You can then apply rules based on the content identified, such as blocking the email from being sent, or forwarding it to a shared mailbox.